On Wed, Jun 07, 2006 at 11:59:02AM +0100, Ian Jackson wrote:
> This is definitely wrong. SPI should not be involved in licence
> approval. Firstly, because licence approval is often a political
> decision for Debian. And secondly because SPI is not the licencee and
> it is very important for this to remain clear. The licencees are
> Debian's developers, ftpmasters, users, mirror operators, etc.
I'm once again not sure that the distinction is that clear. In the
example of a GPL'd program that Debian distributes, is it the Debian
project distributing it or is it individual ftpmasters? Even if the
ftpmasters approve it, isn't Debian making it available for download on
project machines? I'd say that the Debian project is exercising its
rights under the GPL to distribute gcc, and that SPI could be on the
hook if Debian does something wrong. While I agree that Debian
developers do not act as agents of SPI, I am not so sure that a court
would find this distinction to be relevant in these cases.
Having said that, I agree that SPI should not be involved in internal
Debian decisions regarding licensing. That is normaly a Debian matter,
and a question for them to pursue with regards to Debian's own
procedures.
But this license specifically is binding upon Debian, as a distributor
of the software, and specifically requires indemnification for Sun.
Like the GPL, Debian cannot redistribute it (even copy it to mirrors)
without following the license. But unlike the GPL, this license may
require active investment and participation in court cases between third
parties.
I think there are instances where SPI not only can step in, but *must*
-- and this is required both by the Debian constitution and the SPI
Bylaws:
* If a member project engages in activities that would jeopardize
SPI's classification as a non-profit entity
* If a member project engages in illegal activities or presents
significant legal exposure to the organization
> (by Debian developers or by anyone else) to violate a copyright then
> we will act to prevent ourselves from being liable for contributory
> infringement. But in this case it seems clear that Sun are happy with
Right (that sounds like my second point above).
> the situation, so there is no actual infringement. And of course
> Debian already has an existing and very responsive notice-and-takedown
> procedure which means that SPI rarely has to get involved.
First of all, corporate winds can change. But really my point is not
that SPI should have rejected this license. My point is that SPI should
have been consulted about the indemnification so that we could get the
advice of our attorney, and perhaps based on his feedback, either raise
concerns about it (or not).
-- John